8.8
CVE-2024-45518
- EPSS 20.52%
- Published 22.10.2024 17:15:03
- Last modified 30.10.2024 21:23:59
- Source cve@mitre.org
An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Side Request Forgery (SSRF) due to improper input sanitization and misconfigured domain whitelisting. This issue permits unauthorized HTTP requests to be sent to internal services, which can lead to Remote Code Execution (RCE) by chaining Command Injection within the internal service. When combined with existing XSS vulnerabilities, this SSRF issue can further facilitate Remote Code Execution (RCE).
Data provided by the National Vulnerability Database (NVD)
Zimbra ≫ Collaboration Version >= 10.0.0 < 10.0.9
Zimbra ≫ Collaboration Version 8.8.15 Update -
Zimbra ≫ Collaboration Version 8.8.15 Update p1
Zimbra ≫ Collaboration Version 8.8.15 Update p10
Zimbra ≫ Collaboration Version 8.8.15 Update p11
Zimbra ≫ Collaboration Version 8.8.15 Update p12
Zimbra ≫ Collaboration Version 8.8.15 Update p13
Zimbra ≫ Collaboration Version 8.8.15 Update p14
Zimbra ≫ Collaboration Version 8.8.15 Update p15
Zimbra ≫ Collaboration Version 8.8.15 Update p16
Zimbra ≫ Collaboration Version 8.8.15 Update p17
Zimbra ≫ Collaboration Version 8.8.15 Update p18
Zimbra ≫ Collaboration Version 8.8.15 Update p19
Zimbra ≫ Collaboration Version 8.8.15 Update p2
Zimbra ≫ Collaboration Version 8.8.15 Update p20
Zimbra ≫ Collaboration Version 8.8.15 Update p21
Zimbra ≫ Collaboration Version 8.8.15 Update p22
Zimbra ≫ Collaboration Version 8.8.15 Update p23
Zimbra ≫ Collaboration Version 8.8.15 Update p24
Zimbra ≫ Collaboration Version 8.8.15 Update p25
Zimbra ≫ Collaboration Version 8.8.15 Update p26
Zimbra ≫ Collaboration Version 8.8.15 Update p27
Zimbra ≫ Collaboration Version 8.8.15 Update p28
Zimbra ≫ Collaboration Version 8.8.15 Update p29
Zimbra ≫ Collaboration Version 8.8.15 Update p3
Zimbra ≫ Collaboration Version 8.8.15 Update p30
Zimbra ≫ Collaboration Version 8.8.15 Update p31
Zimbra ≫ Collaboration Version 8.8.15 Update p32
Zimbra ≫ Collaboration Version 8.8.15 Update p33
Zimbra ≫ Collaboration Version 8.8.15 Update p34
Zimbra ≫ Collaboration Version 8.8.15 Update p35
Zimbra ≫ Collaboration Version 8.8.15 Update p37
Zimbra ≫ Collaboration Version 8.8.15 Update p4
Zimbra ≫ Collaboration Version 8.8.15 Update p40
Zimbra ≫ Collaboration Version 8.8.15 Update p41
Zimbra ≫ Collaboration Version 8.8.15 Update p42
Zimbra ≫ Collaboration Version 8.8.15 Update p43
Zimbra ≫ Collaboration Version 8.8.15 Update p44
Zimbra ≫ Collaboration Version 8.8.15 Update p45
Zimbra ≫ Collaboration Version 8.8.15 Update p5
Zimbra ≫ Collaboration Version 8.8.15 Update p6
Zimbra ≫ Collaboration Version 8.8.15 Update p7
Zimbra ≫ Collaboration Version 8.8.15 Update p8
Zimbra ≫ Collaboration Version 8.8.15 Update p9
Zimbra ≫ Collaboration Version 9.0.0 Update -
Zimbra ≫ Collaboration Version 9.0.0 Update p0
Zimbra ≫ Collaboration Version 9.0.0 Update p1
Zimbra ≫ Collaboration Version 9.0.0 Update p10
Zimbra ≫ Collaboration Version 9.0.0 Update p11
Zimbra ≫ Collaboration Version 9.0.0 Update p12
Zimbra ≫ Collaboration Version 9.0.0 Update p13
Zimbra ≫ Collaboration Version 9.0.0 Update p14
Zimbra ≫ Collaboration Version 9.0.0 Update p15
Zimbra ≫ Collaboration Version 9.0.0 Update p16
Zimbra ≫ Collaboration Version 9.0.0 Update p19
Zimbra ≫ Collaboration Version 9.0.0 Update p2
Zimbra ≫ Collaboration Version 9.0.0 Update p20
Zimbra ≫ Collaboration Version 9.0.0 Update p21
Zimbra ≫ Collaboration Version 9.0.0 Update p23
Zimbra ≫ Collaboration Version 9.0.0 Update p24
Zimbra ≫ Collaboration Version 9.0.0 Update p24.1
Zimbra ≫ Collaboration Version 9.0.0 Update p25
Zimbra ≫ Collaboration Version 9.0.0 Update p26
Zimbra ≫ Collaboration Version 9.0.0 Update p27
Zimbra ≫ Collaboration Version 9.0.0 Update p3
Zimbra ≫ Collaboration Version 9.0.0 Update p33
Zimbra ≫ Collaboration Version 9.0.0 Update p34
Zimbra ≫ Collaboration Version 9.0.0 Update p35
Zimbra ≫ Collaboration Version 9.0.0 Update p36
Zimbra ≫ Collaboration Version 9.0.0 Update p37
Zimbra ≫ Collaboration Version 9.0.0 Update p38
Zimbra ≫ Collaboration Version 9.0.0 Update p39
Zimbra ≫ Collaboration Version 9.0.0 Update p4
Zimbra ≫ Collaboration Version 9.0.0 Update p40
Zimbra ≫ Collaboration Version 9.0.0 Update p5
Zimbra ≫ Collaboration Version 9.0.0 Update p6
Zimbra ≫ Collaboration Version 9.0.0 Update p7
Zimbra ≫ Collaboration Version 9.0.0 Update p7.1
Zimbra ≫ Collaboration Version 9.0.0 Update p8
Zimbra ≫ Collaboration Version 9.0.0 Update p9
Zimbra ≫ Collaboration Version 10.1.0
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 20.52% | 0.953 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 1.6 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |

CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.